Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Einschätzung otl-log

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.05.2011, 08:34   #1
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



Guten Morgen,
ich hatte gestern einen trojaner-befall des typs "TR/Kazy.mekml.1". Nun habe ich, entsprechend der anleitung des forums, malewarebytes ausgeführt, und die infizierten datein gelöscht. außerdem habe ich otl.exe und unhide.exe laufen lassen.

Nun wollte ich zunächst fragen, ob mir jemand ein kostenlose Lösung empfehlen kann, wie soetwas nicht mehr vorkommt.
Außerdem wollte ich gerne wissen, ob die beiden logs von otl in ordnung sind, oder ich weitere schritte unternehmen muss. vielen dank schonmal im voraus.

hier die otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.05.2011 08:12:59 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
 
Computer Name: -PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
PRC - [2011.05.11 17:09:56 | 003,318,784 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\sp_rsser.exe
PRC - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.18 17:49:27 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.14 18:50:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe
PRC - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe
PRC - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
PRC - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2009.01.08 21:30:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.05 05:16:26 | 000,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe
PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.01.17 08:33:02 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.03.19 18:22:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.24 16:25:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.09 13:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.01.09 13:03:40 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.01.09 13:03:40 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.01.09 13:03:40 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009.01.09 13:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008.12.31 17:29:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.10.23 14:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.06.09 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://webmail.eva.mpg.de/ox6/ox.html"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {C3B2959E-301D-47E5-A440-2C797569D4F6}:1.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 18:42:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 18:42:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: D:\components [2011.03.05 13:43:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: D:\plugins [2011.04.12 09:12:07 | 000,000,000 | ---D | M]
 
[2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions
[2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.15 08:53:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\psm38bn6.default\extensions
[2011.04.15 08:50:53 | 000,000,873 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\conduit.xml
[2011.05.09 19:13:45 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-1.xml
[2009.05.06 10:11:58 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-2.xml
[2009.05.16 01:37:22 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-3.xml
[2009.06.24 09:30:06 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-4.xml
[2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin.xml
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.19 09:35:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.02.25 11:47:46 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.05.27 20:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011.05.11 14:51:26 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JAN\APPDATA\LOCAL\{C3B2959E-301D-47E5-A440-2C797569D4F6}
[2011.01.21 12:04:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.01.21 12:04:24 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.21 12:04:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.01.21 12:04:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.01.21 12:04:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Bdidomurediqatar]  File not found
O4 - HKCU..\Run: [Hwefutiyayiyoh]  File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ebay.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: eintracht-schkeuditz.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.07 17:27:18 | 000,077,893 | ---- | M] (Palm, Inc.) - D:\AutoDetect.dll -- [ NTFS ]
O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell - "" = AutoRun
O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell - "" = AutoRun
O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - D:\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Jan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger -  File not found
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.12 08:10:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe
[2011.05.11 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2011.05.11 22:23:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 22:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.11 22:23:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.11 22:23:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.11 22:18:42 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\\mbam-setup.exe
[2011.05.11 17:09:55 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2011.05.11 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.05.11 17:09:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spyware Terminator
[2011.05.11 17:09:37 | 000,000,000 | -H-D | C] -- C:\Programme\Spyware Terminator
[2011.05.11 16:58:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.05.11 14:51:26 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}
[2011.05.10 08:41:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.10 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.10 08:41:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.05.02 09:22:33 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\korrekturen ma
[2011.04.30 18:41:35 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\Abschlussprüfung
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2011.05.12 08:03:44 | 000,028,389 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.05.12 08:02:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 08:02:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.12 08:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.12 08:02:29 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.12 00:34:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.11 22:18:53 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\\mbam-setup.exe
[2011.05.11 21:22:09 | 000,000,120 | -H-- | M] () -- C:\Users\\AppData\Local\Tjavecus.dat
[2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job
[2011.05.11 14:51:27 | 000,000,000 | -H-- | M] () -- C:\Users\\AppData\Local\Ixuyefub.bin
[2011.05.11 14:49:22 | 000,000,000 | -H-- | M] () -- C:\Users\\2gweorjqjutp92vjy9gake
[2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.05 12:01:48 | 000,770,571 | -H-- | M] () -- C:\Users\\Desktop

[2011.05.02 09:24:28 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.02 09:24:28 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.02 09:24:28 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.02 09:24:28 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 15:52:48 | 000,132,642 | -H-- | M] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf
[2011.04.16 15:04:52 | 000,373,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.15 14:02:55 | 000,049,866 | -H-- | M] () -- C:\Users\\Desktop\
 
========== Files Created - No Company Name ==========
 
[2011.05.11 21:59:04 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.11 17:09:56 | 000,142,592 | -H-- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.05.11 14:51:27 | 000,000,120 | -H-- | C] () -- C:\Users\\AppData\Local\Tjavecus.dat
[2011.05.11 14:51:27 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\Ixuyefub.bin
[2011.05.11 14:49:22 | 000,000,000 | -H-- | C] () -- C:\Users\\2gweorjqjutp92vjy9gake
[2011.05.05 12:01:45 | 000,770,571 | -H-- | C] () -- C:\Users\\Desktop\gesamtes Dokument_umstrukturiert_kompatibel_1.pdf
[2011.04.26 15:52:47 | 000,132,642 | -H-- | C] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf
[2011.04.15 14:02:55 | 000,049,866 | -H-- | C] () -- C:\Users\\Desktop\Aushang_Prferzuordnung_2011-04-14.pdf
[2010.07.15 22:48:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\aveficawajurija.dll
[2010.07.15 16:50:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\udacubuwo.dll
[2010.07.15 01:40:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\igudonotudokawas.dll
[2010.07.14 23:38:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\useficaw.dll
[2010.07.14 21:36:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\adavupilidar.dll
[2010.07.14 19:34:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\awoyafisequpal.dll
[2010.07.14 12:06:18 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osemowemowemo.dll
[2010.07.14 10:04:15 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\obuzuquf.dll
[2010.07.14 00:14:00 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\enizevuladiwoxew.dll
[2010.07.13 22:12:00 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\iveladolequfiraw.dll
[2010.07.13 17:34:21 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\unidicuvuh.dll
[2010.07.13 09:03:06 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\eyihurozecec.dll
[2010.07.12 23:52:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\onunagogutagesa.dll
[2010.07.12 21:50:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\elutulivihan.dll
[2010.07.12 19:48:40 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uwuninozumah.dll
[2010.07.12 18:17:20 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ogoqubef.dll
[2010.07.12 13:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\orayuliw.dll
[2010.07.12 11:19:57 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uxesukas.dll
[2010.07.12 07:15:58 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ezojatazalebinur.dll
[2010.07.12 00:24:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etoyojomuc.dll
[2010.07.11 22:22:31 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osetufumul.dll
[2010.07.11 20:20:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uzabeguy.dll
[2010.07.11 18:18:35 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\afejilil.dll
[2010.07.11 09:58:47 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etosonocesofihut.dll
[2010.07.11 07:56:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ajazavoh.dll
[2010.07.11 05:54:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ivobeyitamewiga.dll
[2010.07.10 20:32:05 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\oyemexizodulip.dll
[2010.07.10 18:30:13 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ufolikolakefuper.dll
[2010.07.10 12:44:04 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ihomucorojewujo.dll
[2010.07.10 10:53:23 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ociliyojoqo.dll
[2010.04.30 11:28:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.04.26 22:40:05 | 000,000,032 | --S- | C] () -- C:\Users\\AppData\Local\886739347.dat
[2009.05.29 18:57:21 | 000,001,372 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.05.23 13:27:53 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.05.23 13:20:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.05.23 13:20:31 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.05.22 12:19:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 00:45:54 | 000,027,648 | -H-- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.24 19:07:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.12.24 19:07:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.26 13:37:16 | 000,686,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.26 13:37:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.26 13:37:16 | 000,150,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.26 13:37:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.06.26 13:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.25 23:08:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.25 07:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.06.25 07:36:36 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.06.25 07:36:12 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.25 07:30:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.06.25 07:30:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.06.25 07:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.06.25 07:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.06.25 07:22:17 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe
[2008.06.25 07:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2008.06.25 07:18:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.06.25 07:18:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,373,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,643,612 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,500 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich
[2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip
[2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited
[2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools
[2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon
[2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure
[2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync
[2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ
[2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech
[2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec
[2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\AppData\Roaming\Thunderbird
[2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars
[2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount
[2010.12.01 14:26:37 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2010.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010.12.01 02:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010.11.30 02:47:04 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011.05.12 00:34:11 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich
[2011.05.11 14:49:22 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Adobe
[2011.02.09 13:15:42 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Apple Computer
[2009.06.24 18:34:30 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Arcsoft
[2010.04.30 12:01:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Avira
[2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip
[2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited
[2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools
[2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon
[2010.05.24 17:09:00 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DivX
[2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure
[2011.01.10 23:11:56 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\dvdcss
[2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync
[2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ
[2008.12.24 18:12:25 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Identities
[2010.02.08 10:27:32 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Intel
[2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech
[2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec
[2008.12.24 18:34:23 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Macromedia
[2011.05.11 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Media Center Programs
[2011.01.11 11:06:44 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft
[2009.01.04 15:20:21 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla
[2010.06.01 19:41:58 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla-Cache
[2011.05.11 15:38:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Skype
[2011.05.11 15:37:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\skypePM
[2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator
[2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Thunderbird
[2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars
[2009.01.16 00:02:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\vlc
[2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount
[2009.01.26 18:06:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.01.14 22:31:29 | 001,887,176 | -H-- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.02.14 13:42:14 | 002,832,544 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Jan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut_ITA.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5_2.exe
[2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut8.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.05.07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008.06.16 14:38:28 | 000,396,312 | ---- | M] (Intel Corporation) MD5=DB0C1076AB442C09D2A3AB0410DBEA0D -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\drivers\iaStor.sys
[2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3506096f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.31 17:29:08 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.02.18 17:45:03 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---


und die extras.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.05.2011 08:12:59 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
 
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CE4A6A-F06F-4366-AE9B-6E70BB89DE0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{09B82570-3BB2-402A-AABE-D38A6B9C3822}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system | 
"{173F39C8-37A0-4F3F-86C0-D34CAB4451D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C69006A-2E0E-4382-93CB-948BFEF8FB41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2788C89C-A771-4FE5-A147-51E6F92210B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system | 
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DA0A055-2572-4B08-AEB9-8B7F5BC99828}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3EC03EB-F404-4C85-A112-C926F3C1601C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B6129F98-5342-4BD7-A045-2C3D171406AB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E774DC70-4AC2-479C-B161-FC99184EE300}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{EE8ADA95-22C5-4DC6-84AA-9D36EA4DBFA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16E42212-A15C-48CE-9073-508FEAEFE664}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{20F2D4B7-19A5-40A8-9291-F0879CBE9A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{21D7F792-EAA0-4AA6-B5C6-9253918B18B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{281EB8C8-643F-4D98-BDAC-8D05A552D952}" = dir=in | app=d:\itunes.exe | 
"{2A8F1A49-2850-47AB-973E-E11E73AF44DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2CF5B874-02FD-4478-8C89-5818B91AC8E1}" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | 
"{30F3FA6C-0344-4AF4-8A9F-5C5E55244046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A6474B3-ECBB-4689-96FF-F219E59BD076}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3C4F0119-CFB6-419D-B9DF-24AD0F821FF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4380B52E-A787-4603-B21F-5B24E7DB0A85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4BC170A8-5160-4FFB-A6A3-2201BBB02492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4CEA9209-D265-4DC4-BEF2-ED3342489566}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D9A4AE1-138F-4A3E-8873-6662FA533DA5}" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | 
"{649876CF-55C5-4A59-B13F-CF0F09DFEB72}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{66524954-1A7D-4521-9E16-CAB4A754C040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6C3A9DE7-C491-40DD-914B-711BEBDE37EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A838FA0-C956-4EA6-9F9F-6A48CF5B82FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B363943-F519-4943-88A3-C62E618978B6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9EE09123-FC48-4462-A1B9-ACA39B7D3CE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC00ECA8-E002-43F2-82CF-89BDDDA5A2C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C30F3283-D4EC-48E8-8444-4A18B0D56BC1}" = protocol=6 | dir=out | app=system | 
"{C5B226B3-994D-4D8B-9E9F-CD7741B7F5FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D449E915-CCCB-415F-998E-929C10BCC103}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D97A9791-AC34-40BA-AFE0-50961854AF61}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E88E1CC0-09DE-492B-B589-34F587550CE6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{ED7BA02F-87B6-4115-AA41-66918D696096}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FB7FB1F5-6B68-43B2-8843-4CAB94688883}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{22ADB944-B67E-4388-85BC-338DF4F4341C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{3E71F2AB-8143-47D8-A547-F66AA69C3C2D}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{408E1988-6D15-424C-96FF-D9EF96471740}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe | 
"TCP Query User{40AC4BD8-B0F0-4897-8876-F4A12EAFD6FB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{6D6B22E1-3F93-4F66-BE36-84197EBAF7CF}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe | 
"TCP Query User{8721F485-62E5-46DB-B40A-0460E2163EA2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{9DF7F28C-F068-4F21-99C9-315E5984801F}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | 
"TCP Query User{9E5B76CC-0CB6-4803-9799-83B48A3A68E7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AD5105DD-7E38-41D5-ABC6-285E61612EDB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{373D7826-9BB6-4B0D-81DA-83CBC64B18C0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{385D0C3C-C9BF-4AAE-AB00-35FEEEE51B7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{47FADEE7-4440-4D03-8F1E-705760EE965F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{68E6AE18-B636-4F7E-8D91-75B7ED3A6B35}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{CE1BE129-7050-4F91-8A2F-DA1230557270}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe | 
"UDP Query User{D5604953-DFDC-404D-9B26-4353384C0D3C}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe | 
"UDP Query User{D82358CE-F86D-4F9A-923D-5F05DF9E444F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E8D8381F-920C-4793-9B2D-E9E7F477184B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{F0CDC56D-1B83-4C1E-8AC6-B2295AFDEB7D}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = 
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"ICQToolbar" = ICQ Toolbar
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"VoipDiscount_is1" = VoipDiscount
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mixxx (1.8.2)" = Mixxx 1.8.2
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Geändert von bärtiger (12.05.2011 um 08:40 Uhr)

Alt 12.05.2011, 10:34   #2
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



jo, halte zu mindest mal dein windows aktuell und die instalierten programme :-)
aber: ich hätte gern alle Malwarebytes logs gesehen, zu finden unter malwarebytes, logdateien.
__________________

__________________

Alt 12.05.2011, 10:43   #3
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



hallo markus,
hier die malware-logs. danke schonmal für deine antwort.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6557

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12.05.2011 00:29:24
mbam-log-2011-05-12 (00-29-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303008
Laufzeit: 2 Stunde(n), 1 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 15

Infizierte Speicherprozesse:
c:\programdata\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> 2648 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\\AppData\Local\mcatxib.dll (Tro.Hiloti) -> Delete on reboot.
c:\Users\\AppData\Local\ixujifoh.dll (Tro.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hwefutiyayiyoh (Tro.Hiloti) -> Value: Hwefutiyayiyoh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NMpsSakHhNAWe (Rogue.Installer.Gen) -> Value: NMpsSakHhNAWe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Tro.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bdidomurediqatar (Tro.Agent.U) -> Value: Bdidomurediqatar -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\13688733 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Tro.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\\AppData\Local\mcatxib.dll (Tro.Hiloti) -> Delete on reboot.
c:\programdata\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.10605338910302353.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.23062796517450623.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.6699041339626213.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14\884358e-4079b667 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc23240342.txt (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Tro.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc104.exe (Tro.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc88.exe (Tro.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\ixujifoh.dll (Tro.Agent.U) -> Delete on reboot.
c:\Recycle.Bin\config.bin (Tro.Spyeyes) -> Quarantined and deleted successfully.
__________________

Alt 12.05.2011, 10:49   #4
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



das gefällt mir überhaupt nicht.
machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc?
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2011, 11:13   #5
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



Ja ich mache einkäufe usw. per internet. was bedeutet das für mich?
ich hab jetzt übrigens mal ne testversion von f-secure-internet-security runtergeladen, macht das sinn?

hier der log von combo-fix

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-11.02 -  12.05.2011  11:59:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.1112 [GMT 2:00]
ausgeführt von:: c:\users\\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\pokerstars\PokerStars.exe
c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}
c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome.manifest
c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome\content\_cfg.js
c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome\content\overlay.xul
c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\install.rdf
c:\users\\AppData\Roaming\Adobe\plugs
c:\users\\AppData\Roaming\Adobe\plugs\mmc23289233.txt
c:\users\\AppData\Roaming\Adobe\shed
c:\users\\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\\AppData\Roaming\Desktopicon
c:\users\\AppData\Roaming\Desktopicon\config.ini
c:\users\\mbam-setup.exe
c:\users\Public\mbam-setup.exe
c:\users\Public\SpywareTerminator282Setup.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-12 bis 2011-05-12  ))))))))))))))))))))))))))))))
.
.
2011-05-12 09:55 . 2011-05-12 09:56	--------	d-----w-	c:\program files\F-Secure
2011-05-12 09:52 . 2011-05-12 09:54	--------	d-----w-	c:\programdata\fssg
2011-05-12 09:51 . 2011-05-12 09:54	--------	d-----w-	c:\programdata\f-secure
2011-05-11 20:23 . 2011-05-11 20:23	--------	d-----w-	c:\users\\AppData\Roaming\Malwarebytes
2011-05-11 20:23 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 20:23 . 2011-05-11 20:23	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-11 20:23 . 2011-05-11 20:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-11 20:23 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-11 15:09 . 2011-05-12 09:54	--------	d-----w-	c:\program files\Spyware Terminator
2011-05-11 14:58 . 2011-05-11 14:58	--------	d-----w-	c:\programdata\WindowsSearch
2011-05-11 12:51 . 2011-05-11 12:51	0	----a-w-	c:\users\\AppData\Local\Ixuyefub.bin
2011-05-11 06:31 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 06:41 . 2011-05-10 06:42	--------	d-----w-	c:\programdata\Skype Extras
2011-05-10 06:41 . 2011-05-10 06:41	--------	d-----w-	c:\program files\Common Files\Skype
2011-05-10 06:18 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8375DDE5-D475-4D15-9497-A45B58912545}\mpengine.dll
2011-04-28 06:02 . 2011-03-03 14:56	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 06:02 . 2011-03-03 13:01	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-15 14:39 . 2011-04-15 14:39	1090952	----a-w-	c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-04-13 22:40 . 2011-04-13 22:40	4284416	----a-w-	c:\windows\system32\GPhotos.scr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 14:56 . 2011-04-28 06:02	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-28 06:02	459776	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-28 06:02	541696	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-28 06:02	2153984	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08	963976	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-01-08 19:30	645328	------w-	c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-08 22:23	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-27 18:03	148888	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-10-26 05:39	1029416	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 0151251305193992mcinstcleanup;McAfee Application Installer Cleanup (0151251305193992);c:\users\\AppData\Local\Temp\015125~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-31 717296]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-06-25 13312]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-01-16 31248]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-03-28 1363088]
S4 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2010-12-01 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]
.
2011-05-11 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2011-05-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2010-11-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ebay.de\www
Trusted Zone: eintracht-schkeuditz.de\www
FF - ProfilePath - c:\users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://webmail.eva.mpg.de/ox6/ox.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Bdidomurediqatar - c:\users\\AppData\Local\ixujifoh.dll
MSConfigStartUp-Hwefutiyayiyoh - c:\users\\AppData\Local\mcatxib.dll
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-12 12:06
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-12  12:08:49
ComboFix-quarantined-files.txt  2011-05-12 10:08
.
Vor Suchlauf: 12 Verzeichnis(se), 63.300.419.584 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 63.097.098.240 Bytes frei
.
- - End Of File - - 714213EAA9B354DD10EB1C72824B0FB2
         
--- --- ---


Alt 12.05.2011, 12:12   #6
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



poste einen GMER report
http://www.trojaner-board.de/74908-a...t-scanner.html
__________________
--> Einschätzung otl-log

Alt 12.05.2011, 13:01   #7
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



hier ist das ding

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-12 13:59:33
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0000
Running: snx8mips.exe; Driver: C:\Users\\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

?      System32\Drivers\spms.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x91806340, 0x3E9407, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e                                          
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  D:\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xB3 0xAC 0x81 0x33 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x98 0xBE 0x4E 0xDC ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x97 0x7E 0x19 0xF8 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet)                      
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xB3 0xAC 0x81 0x33 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x98 0xBE 0x4E 0xDC ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x97 0x7E 0x19 0xF8 ...

---- Disk sectors - GMER 1.0.15 ----

Disk   \Device\Harddisk0\DR0                                                                                                MBR read error
Disk   \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BEE.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BEF.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF0.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF1.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF2.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF3.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF4.log                                               131072 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF5.log                                               0 bytes
File   C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF6.log                                               131072 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 12.05.2011, 14:10   #8
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



download mbr check auf den desktop
http://ad13.geekstogo.com/MBRCheck.exe
rechtsklick als admin starten.
log wird auf dem desktop erstellt, dessen inhalt posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2011, 14:19   #9
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R560
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 146):
0x8481C000 \SystemRoot\system32\ntoskrnl.exe
0x84BC7000 \SystemRoot\system32\hal.dll
0x8C409000 \SystemRoot\system32\kdcom.dll
0x8C411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C471000 \SystemRoot\system32\PSHED.dll
0x8C482000 \SystemRoot\system32\BOOTVID.dll
0x8C48A000 \SystemRoot\system32\CLFS.SYS
0x8C4CB000 \SystemRoot\system32\CI.dll
0x8C5AB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C627000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C634000 \SystemRoot\System32\Drivers\spms.sys
0x8C734000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C73D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C763000 \SystemRoot\system32\drivers\acpi.sys
0x8C7A9000 \SystemRoot\system32\drivers\msisadrv.sys
0x8C7B1000 \SystemRoot\system32\drivers\pci.sys
0x8C7D8000 \SystemRoot\System32\drivers\partmgr.sys
0x8C7E7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C7EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C809000 \SystemRoot\system32\drivers\volmgr.sys
0x8C818000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C862000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C872000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C942000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x8C98A000 \SystemRoot\system32\drivers\atapi.sys
0x8C992000 \SystemRoot\system32\drivers\ataport.SYS
0x8C9B0000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C9E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C9F2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CA63000 \SystemRoot\system32\drivers\ndis.sys
0x8CB6E000 \SystemRoot\system32\drivers\msrpc.sys
0x8CB99000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CC03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CD12000 \SystemRoot\system32\drivers\volsnap.sys
0x8CD4B000 \SystemRoot\System32\Drivers\spldr.sys
0x8CD53000 \SystemRoot\System32\Drivers\mup.sys
0x8CD62000 \SystemRoot\System32\drivers\ecache.sys
0x8CD89000 \SystemRoot\system32\drivers\disk.sys
0x8CD9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8CDBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8CEA1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8CEAC000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x91806000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91F33000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91FD2000 \SystemRoot\System32\drivers\watchdog.sys
0x91FDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8CEB5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CEF3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91009000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x91391000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x913DD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x913E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x913F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF05000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91000000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF33000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CF3E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91002000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CF56000 \SystemRoot\System32\Drivers\a2ph0vaa.SYS
0x8CF8D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x92806000 \SystemRoot\system32\DRIVERS\storport.sys
0x92847000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x92852000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92869000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92874000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92897000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x928A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x928BA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x928CF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x928DF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x928E1000 \SystemRoot\system32\DRIVERS\ks.sys
0x9290B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92915000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92922000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92956000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92967000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x92B67000 \SystemRoot\system32\drivers\portcls.sys
0x92B94000 \SystemRoot\system32\drivers\drmk.sys
0x92BB9000 \SystemRoot\system32\drivers\HdAudio.sys
0x8CFCA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x92BF8000 \SystemRoot\System32\Drivers\Null.SYS
0x91FF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CFD3000 \SystemRoot\System32\drivers\vga.sys
0x8CFDF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CBD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CBDB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CBE3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CBEE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C800000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x93407000 \SystemRoot\System32\drivers\tcpip.sys
0x934F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x9350B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x93521000 \SystemRoot\system32\DRIVERS\smb.sys
0x93535000 \SystemRoot\system32\drivers\afd.sys
0x9357D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x935AF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x935C5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x935CE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x935DE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x935E5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x935F3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x93606000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x93642000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9364A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x93654000 \SystemRoot\System32\Drivers\dfsc.sys
0x9366B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x93682000 \SystemRoot\System32\Drivers\StkCMini.sys
0x94806000 \SystemRoot\System32\Drivers\StkCPipe.sys
0x9545C000 \SystemRoot\System32\Drivers\StkCSF.sys
0x9548B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95498000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9B010000 \SystemRoot\System32\win32k.sys
0x95568000 \SystemRoot\System32\drivers\Dxapi.sys
0x95572000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B230000 \SystemRoot\System32\TSDDD.dll
0x9B250000 \SystemRoot\System32\cdd.dll
0x95581000 \SystemRoot\system32\drivers\luafv.sys
0x9559C000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x955A4000 \SystemRoot\system32\drivers\spsys.sys
0x95653000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95663000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9568D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95697000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x956AA000 \SystemRoot\system32\drivers\HTTP.sys
0x95717000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95734000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9574D000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95762000 \SystemRoot\system32\drivers\mrxdav.sys
0x95782000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x957A1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x957DA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x937CE000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8CDC4000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7400000 \SystemRoot\system32\drivers\peauth.sys
0xA74DE000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA74E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA74F4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA750A000 \??\C:\Users\\AppData\Local\Temp\uwldypow.sys
0xA7523000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0xA7557000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0xA7569000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0xA7586000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x76E00000 \Windows\System32\ntdll.dll
0x10000000 \DAEMON Tools Lite\daemon.dll

Processes (total 72):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
596 csrss.exe
648 C:\Windows\System32\wininit.exe
660 csrss.exe
692 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\nvvsvc.exe
964 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\winlogon.exe
1408 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\wlanext.exe
1652 C:\Windows\System32\rundll32.exe
1756 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\taskeng.exe
2028 C:\Windows\System32\svchost.exe
584 C:\Windows\System32\dwm.exe
1440 C:\Windows\explorer.exe
1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
724 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2060 C:\Program Files\Bonjour\mDNSResponder.exe
2080 C:\Windows\System32\svchost.exe
2108 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2232 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2324 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2372 C:\Windows\System32\svchost.exe
2400 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2432 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2624 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2764 C:\Windows\System32\svchost.exe
2776 C:\Windows\System32\StkCSrv.exe
2832 C:\Windows\System32\svchost.exe
2880 C:\Windows\System32\SearchIndexer.exe
3212 C:\Windows\System32\taskeng.exe
3248 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
3256 C:\Windows\System32\taskeng.exe
3308 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
3328 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3464 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3648 WmiPrvSE.exe
3832 C:\Windows\RtHDVCpl.exe
3848 C:\Windows\ehome\ehtray.exe
4012 C:\Windows\ehome\ehmsas.exe
1512 C:\Program Files\Windows Media Player\wmpnscfg.exe
2872 C:\Program Files\Windows Media Player\wmpnetwk.exe
2276 C:\Windows\System32\wbem\unsecapp.exe
3120 C:\Windows\System32\wuauclt.exe
3784 C:\Program Files\Mozilla Firefox\firefox.exe
4080 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
528 C:\Program Files\ICQ7.2\ICQ.exe
436 C:\Program Files\Skype\Phone\Skype.exe
4212 C:\Program Files\Skype\Plugin Manager\skypePM.exe
6132 C:\Program Files\Mozilla Firefox\plugin-container.exe
4780 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
5956 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
4776 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
5388 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
1964 C:\Windows\System32\SearchProtocolHost.exe
3644 C:\Windows\System32\SearchFilterHost.exe
5004 dllhost.exe
5252 dllhost.exe
4628 C:\Users\\Desktop\MBRCheck.exe
3976 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 00000009

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Alt 12.05.2011, 14:21   #10
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



ist das nen gerät mit recovery partition?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2011, 14:26   #11
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



ähhhm, keine ahnung...wie finde ich das raus?

Alt 12.05.2011, 14:27   #12
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



ist schon ok, habs rausgefunden, der mbr scheint io.
welche probleme gibts mit dem pc noch?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2011, 14:53   #13
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



gar keine, läuft einwandfrei. kannst du mir irgendwas empfehlen, wie ich mich dauerhaft und gut gegen solche trojaner schützen kann?

Alt 12.05.2011, 15:25   #14
markusg
/// Malware-holic
 
Einschätzung otl-log - Standard

Einschätzung otl-log



jo geht los.
servicepack2 für vista:
Detail Seite Windows Server 2008 Service Pack 2 und Windows Vista Service Pack 2 - Five Language Standalone (KB948465)
internet explorer 9:
Internet Explorer - Microsoft Windows
windows update:
Microsoft Windows Update
hier instalierst du so lange updates, bis es keine neuen mehr gibt.
windows updates automatisch laden/instalieren:
Aktivieren oder Deaktivieren von automatischen Updates
damit dein system ab sofort immer aktuell bleibt.

wenn fertig, melden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.05.2011, 17:00   #15
bärtiger
 
Einschätzung otl-log - Standard

Einschätzung otl-log



alles gemacht, außer ie9 installiert. ich arbeite mit firefox. soll besser sein als ie, oder stimmt das nicht.
soll ich noch was machen?

Antwort

Themen zu Einschätzung otl-log
0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, alternate, antivir, audiograbber, autorun, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, canon, converter, ebay.de, error, excel.exe, firefox, format, frage, google, home, install.exe, location, logfile, microsoft office 2003, microsoft office word, mozilla, mozilla thunderbird, mp3, nvlddmkm.sys, object, office 2007, oldtimer, otl-log, picasa, plug-in, realtek, registry, rundll, scan, searchplugins, security update, server, software, sptd.sys, spyware, spyware terminator, start menu, svchost.exe, vista, wrapper




Ähnliche Themen: Einschätzung otl-log


  1. Einschätzung zu "Immunet 3"
    Antiviren-, Firewall- und andere Schutzprogramme - 07.08.2014 (7)
  2. mobilecashmechanisms wahrscheinlich gmx Spambot - um Einschätzung wird gebeten
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (17)
  3. einschätzung malware-log
    Log-Analyse und Auswertung - 22.02.2012 (17)
  4. ARP Cache Spoofing - oder auch: Man-in-the-middle Attac - Kurze Einschätzung von euch?
    Log-Analyse und Auswertung - 08.12.2011 (6)
  5. Brauche kurze Einschätzung der Lage
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (1)
  6. Allgemeiner Systemcheck: Bitte um Einschätzung (Trojaner cleansweep?)
    Plagegeister aller Art und deren Bekämpfung - 04.06.2010 (1)
  7. Sandboxie - eine einschätzung
    Antiviren-, Firewall- und andere Schutzprogramme - 07.04.2009 (7)
  8. Bitte um Profi Einschätzung
    Log-Analyse und Auswertung - 13.05.2006 (11)

Zum Thema Einschätzung otl-log - Guten Morgen, ich hatte gestern einen trojaner-befall des typs "TR/Kazy.mekml.1". Nun habe ich, entsprechend der anleitung des forums, malewarebytes ausgeführt, und die infizierten datein gelöscht. außerdem habe ich otl.exe und - Einschätzung otl-log...
Archiv
Du betrachtest: Einschätzung otl-log auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.